Wednesday, 20 March 2013

[EN] Modules in your own webscanner - XSS over POST

This is another example of how Python can be used to build a (maybe simple, but) useful
web application scanner. This part (called a 'module') can be used to figure out where in the tested page
we may have an XSS vulnerability (via HTTP POST): it reads the form fields from the page, then posts a
payload in each of them and checks whether the payload comes back in the response.

It could be a good exercise to connect all of these 'modules' into one program
that runs every check against the tested page.
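Before the module itself, here is an added, self-contained example of the same idea (Python 3; it is not the code from this post and not the try_POST_xss.py script). It assumes a constructed sample page and a constructed fake back end (fake_post) standing in for the live POST, so it runs offline; live_post is the assumed real transport over urllib.request for a target you are allowed to test. It also shows the check a practitioner wants and a plain substring search does not give: a payload that comes back HTML-escaped (&lt;xssq&gt;) is not an XSS, only a raw reflection with '<' and '>' intact is, and a marker unique to each parameter tells you which field reflected.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample page standing in for the GET response of the tested page
# (not a real site): one form with two text inputs and a submit button.
SAMPLE_PAGE = """
<html><body>
<form method="post" action="/search.php">
  <input type="text" name="q" value="">
  <input type="hidden" name="lang" value="en">
  <input type="submit" name="go" value="Search">
</form>
</body></html>
"""


class InputCollector(HTMLParser):
    """Collect the name of every <input>, <textarea> and <select> on the page."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "textarea", "select"):
            name = dict(attrs).get("name")
            if name and name not in self.names:
                self.names.append(name)


def find_param_names(page_html):
    parser = InputCollector()
    parser.feed(page_html)
    return parser.names


def build_payload(param):
    # A marker unique to the parameter, so a reflection can be traced to the
    # field that produced it; the angle brackets are what must survive unencoded.
    return "<xss%s>" % param


def scan_post_params(page_html, post):
    """post(params: dict) -> response body. Returns {param: verdict}."""
    results = {}
    names = find_param_names(page_html)
    for name in names:
        payload = build_payload(name)
        # Send every field (the others blank) so server-side validation does not
        # reject the request for a missing parameter; only one carries the payload.
        params = {n: "" for n in names}
        params[name] = payload
        body = post(params)
        if payload in body:
            results[name] = "reflected-raw"        # '<' and '>' came back intact
        elif html.escape(payload) in body:
            results[name] = "reflected-escaped"    # page encoded it: not XSS
        else:
            results[name] = "not-reflected"
    return results


def fake_post(params):
    # Constructed fake back end used in place of a live HTTP POST: echoes 'q'
    # verbatim, echoes 'lang' HTML-escaped, ignores 'go'.
    return ("<p>You searched for: %s</p><p>lang=%s</p>"
            % (params.get("q", ""), html.escape(params.get("lang", ""))))


def live_post(url):
    # Assumed real transport (standard library) for a target you may test.
    import urllib.request

    def post(params):
        data = urlencode(params).encode()
        with urllib.request.urlopen(url, data=data, timeout=10) as resp:
            return resp.read().decode("utf-8", "replace")
    return post


if __name__ == "__main__":
    for name, verdict in scan_post_params(SAMPLE_PAGE, fake_post).items():
        print("%-5s %s" % (name, verdict))
```

Passing the transport in as a function is what makes the module testable without a server; against a real page you would call scan_post_params(fetched_html, live_post("http://host/search.php")) and treat only the "reflected-raw" verdicts as candidates worth confirming by hand in a browser.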

To start, create a file named try_POST_xss.py. (As before, we will need chmod u+x on this file.)
The source code is below:

#!/usr/bin/env python
# ----
# try_POST_xss.py
# ----
# First we GET argv[1]/page.argv[2] to read it
# and find out what names/inputs/submits/etc. there are.
# Next we POST each of those parameter names separately with the 'payload'.

# enjoy.

import urllib
import urllib2
import re
import sys
import httplib

if len(sys.argv) != 3:
    print 'usage: %s <host> </path/to/page.php>' % sys.argv[0]
    sys.exit(1)

host = sys.argv[1]
path_file = sys.argv[2]
url = host + ':80'      # plain HTTP on the default port

url_file = url + path_file

payload = 'your<xss<code<here'  # for example script+alert(2222) - see below ;)
# if you want, I have a 'payloads-from-file' version too.

# First we must GET the page and read the whole text, to find
# whether any of our 'vulnerable' ('to find') strings are there.
get_connect = urllib.urlopen('http://' + url_file)
get_response = get_connect.read()
status = get_connect.getcode()